CVE-2025-5397
Published 2025-10-31
Priority: P185 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In the wild: VulnCheck KEV · Exploited in the wild
EPSS: 1.00% (58.6th percentile)
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Note that social login must be enabled for a site to be affected by this vulnerability.
Detection & IOCs (extracted from sources)
- The vulnerability is triggered via the check_login() function, which fails to properly verify a user's identity. Monitor for unauthenticated requests invoking this function path in the JobMonster theme.
- Exploitation requires social login to be enabled on the target site. Audit WordPress sites using JobMonster for enabled social login features as a precondition indicator.
- Active in-the-wild exploitation has been observed. Review access logs for suspicious authentication events, especially unauthenticated sessions gaining administrative access on sites running JobMonster ≤ 4.8.1.
CVSS provenance
- NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- VulnCheck: 9.8 CRITICAL
GHSA
GHSA-hpv5-jh7r-pxpv (unreviewed, 2025-10-31) · CVE-2025-5397 · CRITICAL · CWE-288
VulnCheck
nootheme jobmonster Authentication Bypass Using an Alternate Path or Channel
VulnCheck · 2025 · CVSS 9.8 · CVE-2025-5397 [CRITICAL]
Affected: nootheme jobmonster
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/thr
No detection rules found.
No public exploits indexed.
Published 2025-10-31 · Exploited in the wild